1 /*

     2  * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.  Oracle designates this

     8  * particular file as subject to the "Classpath" exception as provided

     9  * by Oracle in the LICENSE file that accompanied this code.

    10  *

    11  * This code is distributed in the hope that it will be useful, but WITHOUT

    12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    14  * version 2 for more details (a copy is included in the LICENSE file that

    15  * accompanied this code).

    16  *

    17  * You should have received a copy of the GNU General Public License version

    18  * 2 along with this work; if not, write to the Free Software Foundation,

    19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    20  *

    21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    22  * or visit www.oracle.com if you need additional information or have any

    23  * questions.

    24  */

    25 

    26 /*

    27  *

    28  *  (C) Copyright IBM Corp. 1999 All Rights Reserved.

    29  *  Copyright 1997 The Open Group Research Institute.  All rights reserved.

    30  */

    31 

    32 package sun.security.krb5.internal.rcache;

    33 

    34 import sun.security.krb5.internal.Krb5;

    35 import java.util.LinkedList;

    36 import java.util.ListIterator;

    37 import sun.security.krb5.internal.KerberosTime;

    38 

    39 /**

    40  * This class provides an efficient caching mechanism to store the timestamp of client authenticators.

    41  * The cache minimizes the memory usage by doing self-cleanup of expired items in the cache.

    42  *

    43  * @author Yanni Zhang

    44  */

    45 public class ReplayCache extends LinkedList<AuthTime> {

    46 

    47     private static final long serialVersionUID = 2997933194993803994L;

    48 

    49     // These 3 fields are now useless, keep for serialization compatibility

    50     private String principal;

    51     private CacheTable table;

    52     private int nap = 10 * 60 * 1000; //10 minutes break

    53 

    54     private boolean DEBUG = Krb5.DEBUG;

    55 

    56     /**

    57      * Constructs a ReplayCache for a client principal in specified <code>CacheTable</code>.

    58      * @param p client principal name.

    59      * @param ct CacheTable.

    60      */

    61     public ReplayCache (String p, CacheTable ct) {

    62         principal = p;

    63         table = ct;

    64     }

    65 

    66     /**

    67      * Puts the authenticator timestamp into the cache in descending order.

    68      * @param t <code>AuthTime</code>

    69      */

    70     public synchronized void put(AuthTime t, long currentTime) {

    71 

    72         if (this.size() == 0) {

    73             addFirst(t);

    74         }

    75         else {

    76             AuthTime temp = getFirst();

    77             if (temp.kerberosTime < t.kerberosTime) {

    78                 // in most cases, newly received authenticator has

    79                 // larger timestamp.

    80                 addFirst(t);

    81             }

    82             else if (temp.kerberosTime == t.kerberosTime) {

    83                 if (temp.cusec < t.cusec) {

    84                     addFirst(t);

    85                 }

    86             }

    87             else {

    88                 //unless client clock being re-adjusted.

    89                 ListIterator<AuthTime> it = listIterator(1);

    90                 while (it.hasNext()) {

    91                     temp = it.next();

    92                     if (temp.kerberosTime < t.kerberosTime) {

    93                         add(indexOf(temp), t);

    94                         break;

    95                         //we always put the bigger timestamp at the front.

    96                     }

    97                     else if (temp.kerberosTime == t.kerberosTime) {

    98                         if (temp.cusec < t.cusec) {

    99                             add(indexOf(temp), t);

   100                             break;

   101                         }

   102                     }

   103                 }

   104             }

   105         }

   106 

   107         // let us cleanup while we are here

   108         long timeLimit = currentTime - KerberosTime.getDefaultSkew() * 1000L;

   109         ListIterator<AuthTime> it = listIterator(0);

   110         AuthTime temp = null;

   111         int index = -1;

   112         while (it.hasNext()) {

   113             //search expired timestamps.

   114             temp = it.next();

   115             if (temp.kerberosTime < timeLimit) {

   116                 index = indexOf(temp);

   117                 break;

   118             }

   119         }

   120         if (index > -1) {

   121             do {

   122                 //remove expired timestamps from the list.

   123                 removeLast();

   124             } while(size() > index);

   125         }

   126         if (DEBUG) {

   127             printList();

   128         }

   129     }

   130 

   131 

   132     /**

   133      * Prints out the debug message.

   134      */

   135     private void printList() {

   136         Object[] total = toArray();

   137         for (int i = 0; i < total.length; i++) {

   138             System.out.println("object " + i + ": " + ((AuthTime)total[i]).kerberosTime + "/"

   139                                + ((AuthTime)total[i]).cusec);

   140         }

   141     }

   142 

   143 }